package cn.rentaotao.spring.web;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author rtt
 * @date 2022/5/19 16:51
 */
@RestController
@RequestMapping("/security/method")
public class MethodSecurityController {

    @RequestMapping("/secured")
    @Secured("ROLE_USER")
    public String secured() {

        return "ok";
    }

    @RequestMapping("/preAuthorize")
    @PreAuthorize("hasRole('ROLE_USER') and #param.length() < 5")
    public String preAuthorize(@RequestParam("param") String param) {

        return "ok";
    }
}
